krasnika^

SOLVED
Suspected infected system

    18 posts in this topic


    Hello, could you tell me whether I have cause for concern? My keyboard and mouse stop responding at times, which makes me think the machine is infected. It runs slowly and at times gives me a blue screen. I'm attaching the logs:

    DDS:

     

    DDS (Ver_2011-09-30.01) - NTFS_x86 
    Internet Explorer: 8.0.6001.18702
    Run by MONI at 14:35:59 on 2013-05-11
    Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.894.97 [GMT 3:00]
    .
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TeamViewer\Version8\TeamViewer.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\TeamViewer\Version8\tv_w32.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www1.delta-search.com/?affID=119529&babsrc=HP_ss&mntrId=5C83002268826863
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    TCP: NameServer = 89.215.233.2 89.215.246.40
    TCP: Interfaces\{A48477B5-DFB6-4E66-93CA-3491DD09FD48} : DHCPNameServer = 89.215.233.2 89.215.246.40
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
    LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\moni\application data\mozilla\firefox\profiles\5w3wuf8l.default\
    FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.tuvaro.hpOld0 - 
    FF - user.js: extensions.tuvaro.tlbrSrchUrl - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=main&toolbarid=base&u=5c8395d3000000000000002268826863&q=
    FF - user.js: extensions.tuvaro.id - 5c8395d3000000000000002268826863
    FF - user.js: extensions.tuvaro.appId - {2768469C-717B-401F-8532-C6D88BAE0339}
    FF - user.js: extensions.tuvaro.instlDay - 15812
    FF - user.js: extensions.tuvaro.vrsn - 1.8.17.1
    FF - user.js: extensions.tuvaro.vrsni - 1.8.17.1
    FF - user.js: extensions.tuvaro.vrsnTs - 1.8.17.114:03:46
    FF - user.js: extensions.tuvaro.prtnrId - tuvaro
    FF - user.js: extensions.tuvaro.prdct - tuvaro
    FF - user.js: extensions.tuvaro.aflt - orgnl
    FF - user.js: extensions.tuvaro.smplGrp - none
    FF - user.js: extensions.tuvaro.tlbrId - base
    FF - user.js: extensions.tuvaro.instlRef - 9e9471a2
    FF - user.js: extensions.tuvaro.dfltLng - 
    FF - user.js: extensions.tuvaro.excTlbr - false
    FF - user.js: extensions.tuvaro.ffxUnstlRst - false
    FF - user.js: extensions.tuvaro.admin - false
    FF - user.js: extensions.tuvaro.cam - 
    FF - user.js: extensions.tuvaro.autoRvrt - false
    FF - user.js: extensions.tuvaro.rvrt - false
    FF - user.js: extensions.tuvaro.hmpg - true
    FF - user.js: extensions.tuvaro.hmpgUrl - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=homepage&toolbarid=base&u=5c8395d3000000000000002268826863
    FF - user.js: extensions.tuvaro.dfltSrch - true
    FF - user.js: extensions.tuvaro.srchPrvdr - Tuvaro
    FF - user.js: extensions.tuvaro.kw_url - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=url&toolbarid=base&u=5c8395d3000000000000002268826863&q=
    FF - user.js: extensions.tuvaro.dnsErr - true
    FF - user.js: extensions.tuvaro.newTab - true
    FF - user.js: extensions.tuvaro.newTabUrl - chrome://tuvaro/content/new browser tab.html?source=9e9471a2&tbp=tab&u=5c8395d3000000000000002268826863
    FF - user.js: extensions.delta.tlbrSrchUrl - 
    FF - user.js: extensions.delta.id - 5c8395d3000000000000002268826863
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15812
    FF - user.js: extensions.delta.vrsn - 1.8.16.16
    FF - user.js: extensions.delta.vrsni - 1.8.16.16
    FF - user.js: extensions.delta.vrsnTs - 1.8.16.1614:06:01
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2012-7-12 13616]
    R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2012-7-12 5632]
    R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2012-7-12 13616]
    R0 nvlegacy;nvlegacy;c:\windows\system32\drivers\nvlegacy.sys [2012-7-12 100736]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-1-6 37352]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-1-6 86752]
    R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-1-6 110816]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-1-6 84744]
    R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-3-5 3574624]
    R3 MonitorFunction;Driver for Monitor;c:\windows\system32\drivers\TVMonitor.sys [2013-2-3 13304]
    R3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\pfc027.sys [2005-2-24 162176]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-12-8 279680]
    S2 gupdate;Услуга на Google Актуализация (gupdate);c:\program files\google\update\GoogleUpdate.exe [2013-1-12 116648]
    S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2013-1-12 116648]
    S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
    S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
    S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-12 250808]
    S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
    .
    =============== Created Last 30 ================
    .
    2013-04-18 13:37:10 -------- d-----w- c:\documents and settings\all users\application data\InterAction studios
    2013-04-17 15:58:18 -------- d-----w- c:\windows\system32\appmgmt
    2013-04-17 11:05:32 -------- d-----w- c:\documents and settings\moni\application data\Babylon
    2013-04-17 11:05:32 -------- d-----w- c:\documents and settings\all users\application data\Babylon
    2013-04-17 11:03:19 -------- d--h--w- c:\windows\system32\GroupPolicy
    2013-04-14 00:02:47 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2013-04-14 00:02:47 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2013-04-14 00:02:47 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2013-04-14 00:02:08 -------- d-----w- c:\program files\NVIDIA Corporation
    2013-04-11 19:20:18 26520 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
    2013-04-11 19:20:01 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
    2013-04-11 19:20:01 19352 ----a-w- c:\program files\mozilla firefox\xpcom.dll
    2013-04-11 19:20:01 18581400 ----a-w- c:\program files\mozilla firefox\xul.dll
    2013-04-11 19:20:00 92056 ----a-w- c:\program files\mozilla firefox\smime3.dll
    2013-04-11 19:20:00 867000 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2013-04-11 19:20:00 272280 ----a-w- c:\program files\mozilla firefox\updater.exe
    2013-04-11 19:20:00 170232 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
    2013-04-11 19:20:00 157080 ----a-w- c:\program files\mozilla firefox\ssl3.dll
    2013-04-11 19:20:00 152472 ----a-w- c:\program files\mozilla firefox\softokn3.dll
    .
    ==================== Find3M  ====================
    .
    2013-03-27 15:22:35 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2013-03-27 15:22:35 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2013-03-08 08:35:47 293376 ----a-w- c:\windows\system32\winsrv.dll
    2013-03-07 03:23:36 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-07 01:31:48 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-02 02:05:19 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-03-02 02:05:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-03-02 02:05:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-03-02 01:31:30 1876224 ----a-w- c:\windows\system32\win32k.sys
    2013-03-02 01:08:57 385024 ----a-w- c:\windows\system32\html.iec
    2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    .
    ============= FINISH: 14:37:09,76 ===============
     
    Attach:
     
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-09-30.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 07.5.2005 г. 18:24:05
    System Uptime: 11.5.2013 г. 12:55:05 (2 hours ago)
    .
    Motherboard: FOXCONN |  | M61PMV
    Processor: AMD Sempron Processor LE-1200 | AMD Sempron Processor LE-1200 | 2109/201mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 68 GiB total, 59,224 GiB free.
    D: is FIXED (NTFS) - 165 GiB total, 146,672 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Пакет за езиков интерфейс на Windows
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0 - Bulgarian
    Avira Free Antivirus
    CCleaner
    Chicken Invaders 3 Free Trial
    Compatibility Pack for the 2007 Office system
    Dekaron
    Diner Dash - Hometown Hero
    Google Chrome
    Google Update Helper
    K-Lite Codec Pack 8.4.0 (Standard)
    Microsoft Office 2003 Bulgarian User Interface Pack
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Mozilla Firefox 20.0.1 (x86 bg)
    MSXML 4.0 SP3 Parser (KB2758694)
    Nero 7 Micro
    NVIDIA Drivers
    OnScreenKeys 5.0.48
    PC Camer@
    Platform
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2820917)
    Skype™ 6.3
    TeamViewer 8
    The KMPlayer (remove only)
    VIA
    WebFldrs XP
    Winamp
    WinRAR 4.01 (32-битова версия)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    07.5.2013 г. 13:16:53, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
    07.5.2013 г. 13:16:53, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
    07.5.2013 г. 13:16:53, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
    .
    ==== End Of File ===========================
     

    Thank you :)

    1 person likes this


    Hello,

    Sorry for the delay.

    Could you archive the files from the C:\Windows\minidump folder and upload them to a host of your choice?

    Post a download link in your next post.

    Regards!

    Hi, here is a link to the archive: http://dox.bg/files/dw?a=7813a0da6a

    1 person likes this


    Hello,

    I reviewed the dump files and all of them are caused by the VIA audio driver:

    Probably caused by : viahduaa.sys ( viahduaa+19e60 )

    Let's see what your hardware configuration is so that we can update the driver to its latest version.

    Download the program HWiNFO32

    After a successful installation and launch, the following window will appear:
    [Posted image]

    Click Run.

    Wait patiently. Then choose Save Report and the HTML format and click Browse.

    Select your desktop and click Next.

    The Report Filter will appear; choose Finish.

    [Posted image]

    An HTML file named "User Name" will appear on the desktop, where "User Name" is your computer's name (for example, the file in the screenshot is called HOLLER-PC.HTM). Upload the file here and post the download link in your next post.

    One of the dumps is also due to the following:

    Probably caused by : memory_corruption

    To test the RAM you can try Memtest86+ 4.20
    Extract the archive and burn the ISO file, with Burnaware for example, using the Burn Image option, to get a bootable disc.

    Then set the CD/DVD drive as the first boot device in the BIOS and run the RAM check.
    If the test is successful there should be no errors:
    [Posted image]

    To be completely sure that the RAM is OK, it is best to leave the test running overnight for at least 8-10 hours, and better still, take out all the modules, leave only one in, and test them one at a time.
    If errors are found, you will see them on a red background, similar to these:
    [Posted image]

    3 people like this


    Here is the link from step 1: http://file.bg/c233164FmVLa

    1 person likes this


    Hello,

    I wonder whether you couldn't simply run on the Realtek audio driver alone, because you have two drivers:

    Realtek HDA Audio Drive
    VIA HDA Audio Drive

    The drivers on the Foxconn site are quite old, from 2009.

    On the VIA site I found two for your codec: VIA VT1708B CE

    An older but certified version - 10.005D Dated: 25-Jul-2012

    and a newer version (not certified, but that is unlikely to be a problem) - 10.1200A Dated: 7-Nov-2012

    Try both and see whether the blue screens disappear. If possible, update the other drivers too (but preferably without using additional software, because such tools often download the wrong drivers for a given configuration).

    Still, test the RAM as well and then write back with how things stand.

    Also, let's clean out a bit of adware and check for active nasties:

     

     

     

    STEP 1

    Download and run the program AdwCleaner (by Xplode).

    • Close all running programs and browsers
    • Double-click adwcleaner.exe to start the tool.
    • This time select Delete
    • Your computer will restart automatically. The text file will open after the restart.
    • Please post the contents of this log in your reply
    • You can find the log, which is saved automatically, here: C:\AdwCleaner[s1].txt.

     

     

     

    STEP 2

    Please download Junkware Removal Tool to your desktop.

    • Temporarily disable your protection programs.
    • Run the tool JRT.exe
    • A DOS window will open. Press any key on the keyboard.
    • Close unneeded applications and all browsers and wait for the scan to finish.
    • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
    • Please copy the contents of the log file into your next post.

     

     

     

    STEP 3

    Download Malwarebytes' Anti-Malware

    • Double-click mbam-setup.exe to install the program.
    • Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.
    • If updates are found, it will download and install them.
    • Start the program and select "Perform Quick Scan", then click Scan.
    • The scan will take some time, so please be patient.
    • When the scan finishes, click OK, then Show Results to see the result.
    • Make sure that every row is checked, and click Remove Selected.
    • When everything has been removed, a log will open in Notepad.
    • Attach this log to your next comment in the thread.

    Note: If Malwarebytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

     

     

    STEP 4

    1) Download: ESET Online Scanner
    2) Run esetsmartinstaller_enu.exe
    3) Check YES, I accept the Terms of Use and choose Start
    4) The scanner will start downloading the components it needs.
    5) Make sure the following rows are checked, including those in the Advanced Settings menu:

    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

    Make sure that Remove found threats is NOT checked!

    Finally, choose Start

    6) The scanner will start downloading the latest definitions.
    7) After the scan completes, choose Finish.
    8) Go to: C:\Program Files\ESET\ESET Online Scanner.

    9) Attach the log file named log.txt to your next post.

     

     

     

    STEP 5

    Download Security Check by screen317 from this link and save it to your desktop.

    • Double-click SecurityCheck.exe and follow the instructions.
    • At the end, a text document named checkup.txt will open automatically; please attach it to your next comment in this thread.

    2 people like this


    Hello, here are the results:

    P.S. The screenshot is too large to upload here, so I'm posting a link:

    http://dox.bg/files/dw?a=a70a18da55

    AdwCleanerS2.txt

    checkup.txt

    JRT.txt

    log.txt

    Edited by krasnika^
    1 person likes this


    The MBAM log is missing, and unfortunately the ESET screenshot is of no use because the files have encrypted names, but since you don't keep the log (as you wrote to me by PM) there is nothing we can do to see what the program deleted after the first run. The second ESET log is clean.

    How are things now - did you update the audio drivers, and are the problems that made you open the thread still occurring?


    I'm attaching the missing log. A new problem has appeared with the audio drivers - after installing the new driver (the one without the certificate) it does not let me plug in the microphone on the front panel. The machine is behaving better. Just to ask: should I remove the tools we used? And what should I do with the quarantined files? Thank you.

    mbam-log-2013-04-06 (11-36-38).txt

    Edited by krasnika^
    1 person likes this


    Hello, the files of ESET Online Scanner and the folder it was installed in remained after the uninstall you specified, as did the program's quarantine. The computer is much "snappier", if I may put it that way. We successfully dealt with the drivers, and everything is fine now. So far there are no blue screens, and there will hardly be any more problems after your intervention, for which I thank you :wors: . The problems are solved. Just tell me how I can remove the ESET Online Scanner program safely. Regards and have an easy day at work :)

    1 person likes this


    It seems I was too hasty with my conclusions about the blue screens. It appeared again today; here is the error code: 0x000000D1(0xEB0F6E60,0x00000002,0x00000008,0xEB0F6E60). Could you tell me what might be causing it? On restarting the system and trying to close the Microsoft error report, it gives a blue screen again with this code: 0x000000d1(0xEB161E60,0x00000002,0x00000000,0xEB161E60).

    Edited by krasnika^
    1 person likes this


    Most likely the cause is a driver - and perhaps again the VIA one.

    DRIVER_IRQL_NOT_LESS_OR_EQUAL

    Check whether there is a new dmp file in the C:\Windows\minidump folder and, if there is, archive it.

    If it again turns out to be because of the VIA driver, install the latest version without the certificate and try working without the microphone, or try running entirely on the Realtek drivers only. Since you are helping over TeamViewer, there is no way for you to test the RAM remotely - but when you have physical access to the computer, test the RAM modules one at a time with Memtest, as I wrote above.

    Also:

    Download Autoruns and:

    • Start the program;
    • Choose Options => Filter Options => check Verify Code Signature and Hide Microsoft Entries;
    • From the menu File -> Refresh;
    • From the menu File -> Save...;
    • Save the file somewhere under a name of your choice (in arn format), archive it with a program of your choice and attach it to the thread.

    PS: You can also delete the ESET leftovers manually.

    1 person likes this

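Added example, not part of the thread: Python that decodes the two STOP 0xD1 parameter sets quoted above and checks them against the `viahduaa+19e60` offset from the earlier dump analysis. Parameter meanings follow Microsoft's bug check reference for 0xD1; treating the faulting address as module base plus that offset is an assumption, and a page-aligned result is a consistency hint rather than proof (the minidump itself is the authority).

```python
import re

# Meaning of parameter 3 for bug check 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL),
# per Microsoft's bug check reference.
ACCESS_KIND = {0x0: "read", 0x1: "write", 0x2: "execute", 0x8: "execute"}
IRQL_NAME = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}
PAGE_SIZE = 0x1000  # x86 page size; driver images are mapped page-aligned

HEX = r"0x[0-9a-f]+"
STOP_RE = re.compile(rf"({HEX})\s*\(\s*({HEX}(?:\s*,\s*{HEX}){{3}})\s*\)", re.I)
CAUSE_RE = re.compile(
    r"Probably caused by\s*:\s*(\S+)\s*\(\s*([^\s+]+)\+([0-9a-f]+)\s*\)", re.I)

# Values copied from the posts in this thread.
STOPS = [
    "0x000000D1(0xEB0F6E60,0x00000002,0x00000008,0xEB0F6E60)",
    "0x000000d1(0xEB161E60,0x00000002,0x00000000,0xEB161E60)",
]
CAUSE = "Probably caused by : viahduaa.sys ( viahduaa+19e60 )"


def parse_stop(text):
    """Return (bugcheck_code, [p1, p2, p3, p4]) from a STOP line."""
    m = STOP_RE.search(text)
    if m is None:
        raise ValueError("no STOP code with four parameters found")
    params = [int(p, 16) for p in re.findall(HEX, m.group(2), re.I)]
    return int(m.group(1), 16), params


def parse_cause(line):
    """Return (image_name, offset) from a 'Probably caused by' line, or None
    when the line names no module+offset (e.g. 'memory_corruption')."""
    m = CAUSE_RE.search(line)
    return (m.group(1), int(m.group(3), 16)) if m else None


def decode_d1(code, params):
    """Name the four parameters of a 0xD1 bug check."""
    if code != 0xD1:
        raise ValueError(f"not bug check 0xD1: {code:#x}")
    referenced, irql, access, ip = params
    return {
        "referenced": referenced,                 # memory address referenced
        "irql": IRQL_NAME.get(irql, str(irql)),   # IRQL at time of reference
        "access": ACCESS_KIND.get(access, "unknown"),
        "faulting_ip": ip,                        # address that made the reference
        # True when the faulting instruction's own address is the address
        # that could not be accessed.
        "ip_is_target": referenced == ip,
    }


def implied_base(faulting_ip, offset):
    """Image base implied if faulting_ip == base + offset (assumption).
    Returns None unless that base is page-aligned."""
    base = faulting_ip - offset
    return base if base > 0 and base % PAGE_SIZE == 0 else None


def triage(stop_lines, cause_line):
    """Decode each STOP line and attach the base implied by the dump offset."""
    cause = parse_cause(cause_line)
    rows = []
    for line in stop_lines:
        info = decode_d1(*parse_stop(line))
        info["implied_base"] = (
            implied_base(info["faulting_ip"], cause[1]) if cause else None)
        rows.append(info)
    return rows


if __name__ == "__main__":
    for row in triage(STOPS, CAUSE):
        base = row["implied_base"]
        print(f"ip={row['faulting_ip']:#010x} irql={row['irql']} "
              f"access={row['access']} ip_is_target={row['ip_is_target']} "
              f"implied_base={'none' if base is None else f'{base:#010x}'}")
```

Both crash addresses give a page-aligned base for offset 0x19e60, which is what the same driver routine faulting across two boots would look like.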

    We installed the manufacturer's driver (the one the motherboard was bought with) and for now there is sound. There are new dump files, which I'm attaching to the thread, as well as the result from the program you asked for. Regards :) http://dox.bg/files/dw?a=b5f4cf62a5 - Minidump

    http://dox.bg/files/dw?a=46a1d5d226 Autoruns - result

     

     


    The bad thing is that the driver from the manufacturer's site that I gave is quite old, and you may even have been on that same version at the time, the one that was causing the problem.

    According to the dump files, the culprit is again the VIA driver - viahduaa.sys.

    There are 2 options.

    1. Uninstall it and use only the Realtek one.

    2. Install the certified version, which is newer than the one on the Foxconn site but older than the uncertified version from the VIA site.

    At least you know where the problem is! :)

    As for Autoruns, you can uncheck the following entries (do not delete them, just uncheck them):

    Adobe ARM

    HDAudDeck

    Then close the program.

    Delete the tools we used. I am marking the case as solved... it's just that, as for the VIA driver, if this doesn't help I can't think of another adequate solution...

    Regards!

    1 person likes this


    With a huge delay, for which I apologize very much, I would like to let you know that the system is in very good condition. We had to reinstall the whole computer, with a full format and repartitioning of the hard disk, after which I ran the RAM test (as you advised - all night); the result is that there are no memory errors, and for the moment it works well, with no blue screens :)  Once again, thank you for the help and the effort :)


    Still, the cause was and remains the Realtek drivers... so keep that in mind! :)


    :)  that's exactly why this time I installed everything without them :)

    1 person likes this

        (Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
        (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
        (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
        (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
        (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
        (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
        (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
        (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
        (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
        () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
        (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
        (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
        (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
        (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
        (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
        (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
        HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
        HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [915160 2014-05-13] (Conexant Systems, Inc.)
        HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
        HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
        HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499240 2014-09-29] (Lenovo)
        HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
        HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [Steam] => D:\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [uTorrent] => C:\Users\Phill\AppData\Roaming\uTorrent\uTorrent.exe [2145472 2016-11-22] (BitTorrent Inc.)
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [Spotify Web Helper] => C:\Users\Phill\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-08-08] (Spotify Ltd)
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [Spotify] => C:\Users\Phill\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-08-08] (Spotify Ltd)
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [RGSC] => D:\Games\Rockstar Games\GTA lV\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {0bb638f9-2bd6-11e6-82a8-40e23059e252} - "G:\autorun.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {0bb63905-2bd6-11e6-82a8-40e23059e252} - "G:\autorun.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {1521a98d-c92c-11e5-8289-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {251215bd-bd5d-11e5-8283-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {25121661-bd5d-11e5-8283-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {25121b17-bd5d-11e5-8283-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {395190d1-54da-11e5-8267-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {413bd7d5-5951-11e5-8267-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7b5479d6-5743-11e6-82ad-40e23059e252} - "G:\autorun.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7d64edde-e191-11e5-8293-40e23059e252} - "G:\AutoRun.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7d64f000-e191-11e5-8293-40e23059e252} - "G:\AutoRun.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7fa52f3f-5de7-11e5-8269-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {9011868b-9bb1-11e6-82b3-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {90118693-9bb1-11e6-82b3-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {901186ac-9bb1-11e6-82b3-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {93b9e783-259c-11e6-82a8-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {93b9f31e-259c-11e6-82a8-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {9a843e16-8fc9-11e6-82b1-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {af58f2ad-e7e8-11e5-8295-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {b00206a9-3c0a-11e5-825d-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {b0020723-3c0a-11e5-825d-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {b244836b-9abf-11e5-827c-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {d4d39be5-1241-11e6-82a3-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {e2243fdb-3afa-11e5-8259-40e23059e252} - "F:\autorun.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {ecd28198-fd92-11e5-829c-40e23059e252} - "G:\Lenovo_Suite.exe" 
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {ecd2889f-fd92-11e5-829c-40e23059e252} - "G:\Lenovo_Suite.exe" 
        ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-28] (AVAST Software)
        GroupPolicy: Restriction - Chrome <======= ATTENTION
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{A78E9DE8-6EE8-49F6-B263-76182DBC8CD1}: [DhcpNameServer] 192.168.1.1
        Tcpip\..\Interfaces\{C2B264B5-2EB0-48D7-B271-33A5B8566016}: [DhcpNameServer] 192.168.0.1
        Internet Explorer:
        ==================
        HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
        BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-27] (Oracle Corporation)
        BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-27] (Oracle Corporation)
        FireFox:
        ========
        FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
        FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-11]
        FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
        FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-11]
        FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
        FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
        FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
        FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
        FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-27] (Oracle Corporation)
        FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-27] (Oracle Corporation)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
        FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
        Chrome: 
        =======
        CHR HomePage: Default -> hxxps://www.google.bg/
        CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.search.ask.com/?o=APN11459&gct=hp&d=488-210&v=n12521-347&t=4","hxxp://www.mystartsearch.com/?type=hp&ts=1416439125&from=amt&uid=SAMSUNGXHM160HC_S12TJD0S966470","hxxp://www.delta-homes.com/?type=hp&ts=1419445398&from=wpm12233&uid=ST3320620AS_5QF190G5XXXX5QF190G5","hxxp://isearch.omiga-plus.com/?type=hp&ts=1419544132&from=obw&uid=SAMSUNGXHM160HC_S12TJD0S966470","hxxp://www.istartsurf.com/?type=hp&ts=1437087111&z=bc30721319c3a4577d4c330g1z6cam3e5b0maefzfz&from=obw&uid=ST1000LM024XHN-M101MBB_S32XJ9HFA06771"
        CHR Session Restore: Default -> is enabled.
        CHR Profile: C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default [2016-11-29]
        CHR Extension: (Adblock Plus) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-30]
        CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-11-12]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
        CHR Extension: (TunnelBear VPN) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2016-07-24]
        CHR Extension: (Chrome Media Router) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-30]
        CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
        R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-28] (AVAST Software)
        R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
        S2 GLOBUL Connection Manager. RunOuc; C:\Program Files (x86)\GLOBUL Connection Manager\UpdateDog\ouc.exe [655712 2016-03-08] ()
        R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] ()
        R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
        R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
        R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
        S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
        R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
        R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
        R2 mweshield; C:\Program Files\My Web Shield\mweshield.exe [931640 2016-08-31] ("My Web Shield") <==== ATTENTION
        R2 mweshieldup; C:\Program Files\My Web Shield\mweshieldup.exe [348472 2016-08-31] ("My Web Shield") <==== ATTENTION
        R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
        R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
        R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
        R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2016-11-17] ()
        S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [691480 2013-11-20] () [File not signed]
        S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-08-18] (RealVNC Ltd)
        S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
        S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
        R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-26] (Atheros) [File not signed]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-28] (AVAST Software)
        R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-28] (AVAST Software)
        R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-28] (AVAST Software)
        R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-28] (AVAST Software)
        R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-28] (AVAST Software)
        R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-28] (AVAST Software)
        R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-28] (AVAST Software)
        R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-28] (AVAST Software)
        R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-18] (AVAST Software)
        R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [73512 2015-10-07] (ASUS Corporation)
        R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
        S3 cmnxusbser; C:\WINDOWS\system32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
        S3 cpuz138; C:\Users\Phill\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-10-23] (CPUID)
        R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [271424 2015-08-05] (DT Soft Ltd)
        U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2016-03-08] (Huawei Technologies Co., Ltd.)
        U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
        R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
        R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
        R1 mwescontroller; C:\WINDOWS\system32\drivers\mwescontroller.sys [57680 2016-08-31] ()
        R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
        R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
        S3 qcfilter; C:\WINDOWS\System32\drivers\qcusbfilter.sys [40448 2014-05-23] (QUALCOMM Incorporated)
        S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [243712 2014-05-23] (QUALCOMM Incorporated) [File not signed]
        R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [827096 2015-03-12] (Realsil Semiconductor Corporation)
        S3 tap-tb-0901; C:\WINDOWS\system32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
        S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
        S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
        S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
        S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2016-11-29 13:09 - 2016-11-29 13:20 - 00022435 _____ C:\Users\Phill\Desktop\FRST.txt
        2016-11-29 13:09 - 2016-11-29 13:19 - 00000000 ____D C:\FRST
        2016-11-29 13:08 - 2016-11-29 13:08 - 02411520 _____ (Farbar) C:\Users\Phill\Downloads\FRST64 (1).exe
        2016-11-29 13:07 - 2016-11-29 13:08 - 02411520 _____ (Farbar) C:\Users\Phill\Desktop\FRST64.exe
        2016-11-23 16:33 - 2016-11-23 16:33 - 00001148 _____ C:\Users\Phill\Desktop\Assassins Creed II.lnk
        2016-11-23 16:33 - 2016-11-23 16:33 - 00000000 ____D C:\Users\Phill\AppData\Roaming\Ubisoft
        2016-11-23 16:27 - 2016-10-28 23:04 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
        2016-11-23 16:27 - 2016-10-28 23:04 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
        2016-11-23 13:54 - 2016-11-02 22:48 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
        2016-11-23 13:54 - 2016-11-02 22:48 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
        2016-11-23 13:54 - 2016-11-02 16:03 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
        2016-11-23 13:54 - 2016-11-02 16:00 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
        2016-11-23 13:54 - 2016-10-27 20:53 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
        2016-11-23 13:54 - 2016-10-27 20:51 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
        2016-11-23 13:54 - 2016-10-27 20:37 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
        2016-11-23 13:54 - 2016-10-27 20:28 - 25763328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
        2016-11-23 13:54 - 2016-10-27 20:19 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
        2016-11-23 13:54 - 2016-10-27 20:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
        2016-11-23 13:54 - 2016-10-27 20:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
        2016-11-23 13:54 - 2016-10-27 20:05 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
        2016-11-23 13:54 - 2016-10-27 19:57 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
        2016-11-23 13:54 - 2016-10-27 19:49 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
        2016-11-23 13:54 - 2016-10-27 19:47 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
        2016-11-23 13:54 - 2016-10-27 19:46 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
        2016-11-23 13:54 - 2016-10-27 19:46 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
        2016-11-23 13:54 - 2016-10-27 19:44 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
        2016-11-23 13:54 - 2016-10-27 19:17 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
        2016-11-23 13:54 - 2016-10-27 19:16 - 02920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
        2016-11-23 13:54 - 2016-10-27 19:03 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
        2016-11-23 13:54 - 2016-10-27 18:54 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
        2016-11-23 13:54 - 2016-10-27 17:05 - 20304896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
        2016-11-23 13:54 - 2016-10-25 16:11 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
        2016-11-23 13:54 - 2016-10-22 19:35 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
        2016-11-23 13:54 - 2016-10-22 19:34 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
        2016-11-23 13:54 - 2016-10-22 19:27 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
        2016-11-23 13:54 - 2016-10-22 19:21 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
        2016-11-23 13:54 - 2016-10-22 18:58 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
        2016-11-23 13:54 - 2016-10-22 18:57 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
        2016-11-23 13:54 - 2016-10-22 18:56 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
        2016-11-23 13:54 - 2016-10-22 18:51 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
        2016-11-23 13:54 - 2016-10-22 18:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
        2016-11-23 13:54 - 2016-10-22 18:45 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
        2016-11-23 13:54 - 2016-10-22 18:45 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
        2016-11-23 13:54 - 2016-10-22 18:44 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
        2016-11-23 13:54 - 2016-10-22 18:43 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
        2016-11-23 13:54 - 2016-10-22 18:30 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
        2016-11-23 13:54 - 2016-10-22 18:12 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
        2016-11-23 13:54 - 2016-10-22 18:09 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
        2016-11-23 13:54 - 2016-10-22 18:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
        2016-11-23 13:54 - 2016-10-13 21:06 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
        2016-11-23 13:54 - 2016-10-13 21:06 - 01124376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
        2016-11-23 13:54 - 2016-10-12 10:01 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
        2016-11-23 13:54 - 2016-10-11 22:21 - 00497448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
        2016-11-23 13:54 - 2016-10-11 22:21 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
        2016-11-23 13:54 - 2016-10-11 20:34 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
        2016-11-23 13:54 - 2016-10-11 19:47 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
        2016-11-23 13:54 - 2016-10-11 18:55 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
        2016-11-23 13:54 - 2016-10-10 23:17 - 00444248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
        2016-11-23 13:54 - 2016-10-10 23:17 - 00333656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
        2016-11-23 13:54 - 2016-10-10 00:59 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
        2016-11-23 13:54 - 2016-10-09 01:12 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
        2016-11-23 13:54 - 2016-10-09 00:53 - 03754496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
        2016-11-23 13:54 - 2016-10-09 00:21 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
        2016-11-23 13:54 - 2016-10-09 00:18 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
        2016-11-23 13:54 - 2016-10-09 00:07 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
        2016-11-23 13:54 - 2016-10-09 00:02 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
        2016-11-23 13:54 - 2016-10-08 23:49 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
        2016-11-23 13:54 - 2016-10-08 23:21 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
        2016-11-23 13:54 - 2016-10-08 03:34 - 01660040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
        2016-11-23 13:54 - 2016-10-08 03:34 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
        2016-11-23 13:54 - 2016-10-04 22:39 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
        2016-11-23 13:54 - 2016-10-04 22:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
        2016-11-23 13:54 - 2016-10-04 22:08 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
        2016-11-23 13:54 - 2016-10-04 22:08 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
        2016-11-23 13:54 - 2016-09-10 00:52 - 00921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
        2016-11-23 13:54 - 2016-09-10 00:14 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
        2016-11-23 13:54 - 2016-09-09 16:15 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
        2016-11-23 13:54 - 2016-09-09 16:09 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
        2016-11-23 13:54 - 2016-09-09 16:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
        2016-11-23 13:54 - 2016-09-09 16:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
        2016-11-23 13:54 - 2016-09-09 16:02 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
        2016-11-23 13:54 - 2016-09-09 15:38 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
        2016-11-23 13:54 - 2016-09-03 20:20 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsidsc.dll
        2016-11-23 13:54 - 2016-09-03 20:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
        2016-11-23 13:54 - 2016-09-03 19:21 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsidsc.dll
        2016-11-23 13:54 - 2016-09-03 19:18 - 00825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
        2016-11-23 13:54 - 2016-09-03 18:12 - 00512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
        2016-11-23 13:54 - 2016-09-03 18:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
        2016-11-23 13:54 - 2016-09-03 17:58 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
        2016-11-23 13:54 - 2016-09-02 16:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
        2016-11-23 13:54 - 2016-09-02 16:05 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
        2016-11-23 13:54 - 2016-09-01 16:33 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
        2016-11-23 13:54 - 2016-09-01 16:33 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
        2016-11-23 13:54 - 2016-09-01 16:31 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
        2016-11-23 13:54 - 2016-08-30 16:11 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
        2016-11-23 13:54 - 2016-08-30 04:45 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
        2016-11-23 13:54 - 2016-08-30 04:18 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
        2016-11-23 13:54 - 2016-08-30 04:18 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
        2016-11-23 13:54 - 2016-08-30 04:03 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
        2016-11-23 13:54 - 2016-08-22 15:34 - 01628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
        2016-11-23 13:54 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
        2016-11-22 22:16 - 2016-11-22 22:16 - 00000000 ____D C:\Users\Phill\AppData\LocalLow\uTorrent
        2016-11-22 22:15 - 2016-11-22 22:15 - 00159585 _____ C:\Users\Phill\Downloads\Suits.S02.720p.HDTV.x264.torrent
        2016-11-22 00:06 - 2016-11-22 00:06 - 00000761 _____ C:\Users\Phill\Desktop\Assassins Crеed Brotherhood.lnk
        2016-11-21 15:56 - 2016-11-21 15:56 - 00002202 _____ C:\Users\Public\Desktop\Counter-Strike 1.6 SteamRIP.lnk
        2016-11-21 15:56 - 2016-11-21 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 SteamRIP
        2016-11-17 01:12 - 2016-11-23 16:33 - 00000000 ____D C:\ProgramData\Ubisoft
        2016-11-17 00:25 - 2016-11-17 00:25 - 00189248 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
        2016-11-17 00:25 - 2016-11-17 00:25 - 00075136 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
        2016-11-17 00:25 - 2016-11-17 00:25 - 00000000 ____D C:\Users\Phill\AppData\Roaming\PunkBuster
        2016-11-17 00:24 - 2016-11-17 00:24 - 00000000 ____D C:\Program Files (x86)\Ubisoft
        2016-11-17 00:24 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
        2016-11-17 00:24 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
        2016-11-17 00:24 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
        2016-11-17 00:24 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
        2016-11-17 00:24 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
        2016-11-17 00:24 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
        2016-11-16 22:17 - 2016-11-16 22:17 - 00274155 _____ C:\Users\Phill\Downloads\Assassins.Creed.Collection-BlackEcho.torrent
        2016-11-16 00:44 - 2016-11-16 00:44 - 00000258 __RSH C:\Users\Phill\ntuser.pol
        2016-11-15 17:06 - 2016-11-15 17:07 - 00000000 ____D C:\Program Files\My Web Shield
        2016-11-15 17:06 - 2016-11-15 17:06 - 00001548 __RSH C:\ProgramData\ntuser.pol
        2016-11-15 17:06 - 2016-08-31 16:00 - 00057680 _____ C:\WINDOWS\system32\Drivers\mwescontroller.sys
        2016-11-14 18:35 - 2016-09-22 15:55 - 00102690 ____R C:\Users\Phill\Desktop\suits.s01e01.720p.hdtv.x264-orenji.srt
        2016-11-11 01:58 - 2015-06-04 15:28 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00062304 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00064352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
        2016-11-11 01:58 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
        2016-11-11 00:37 - 2016-11-11 00:37 - 00000898 _____ C:\Users\Phill\Desktop\Start CSGO No Internet.lnk
        2016-11-11 00:37 - 2016-11-11 00:37 - 00000895 _____ C:\Users\Phill\Desktop\Counter-Strike Global Offensive.lnk
        2016-11-11 00:37 - 2016-11-11 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Global Offensive
        2016-11-10 21:19 - 2016-11-10 21:19 - 00014805 _____ C:\Users\Phill\Downloads\Crazy.Stupid.Love.2011.720p.BluRay.x264.DTS-WiKi.torrent
        2016-11-10 20:16 - 2016-11-10 20:16 - 00013713 _____ C:\Users\Phill\Downloads\Counter-Strike 1.6 Mega Edition (4).torrent
        2016-11-10 20:16 - 2016-11-10 20:16 - 00012555 _____ C:\Users\Phill\Downloads\Counter-Strike Global Offensive v1.35.5.6 [Repack].torrent
        2016-11-10 20:13 - 2016-11-10 20:13 - 00013713 _____ C:\Users\Phill\Downloads\Counter-Strike 1.6 Mega Edition (3).torrent
        2016-11-10 20:01 - 2016-11-10 20:01 - 00013693 _____ C:\Users\Phill\Downloads\Counter-Strike 1.6 SteamRIP (1).torrent
        2016-11-10 19:58 - 2016-11-21 16:03 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6 SteamRIP
        2016-11-10 19:12 - 2016-11-10 19:12 - 00013693 _____ C:\Users\Phill\Downloads\Counter-Strike 1.6 SteamRIP.torrent
        2016-11-06 21:59 - 2016-11-06 21:59 - 00012642 _____ C:\Users\Phill\Downloads\Dirty.Dancing.1987.BDRip.x264-WAR.torrent
        2016-11-06 21:56 - 2016-11-06 21:56 - 00021610 _____ C:\Users\Phill\Downloads\Dirty.Dancing.1987.1080p.BluRay.x264-WARHD.torrent
        2016-11-02 23:27 - 2016-11-02 23:27 - 00001007 _____ C:\Users\Public\Desktop\HiSuite.lnk
        2016-11-02 23:27 - 2016-11-02 23:27 - 00000000 ____D C:\Users\Phill\Documents\HiSuite
        2016-11-02 23:27 - 2016-11-02 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
        2016-11-02 23:27 - 2016-05-25 12:53 - 02152176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFUpdate_01009.dll
        2016-11-02 23:27 - 2016-05-25 12:53 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01009.dll
        2016-11-02 23:27 - 2016-05-25 12:53 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusbcoinstaller2.dll
        2016-11-02 23:27 - 2016-05-25 12:53 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
        2016-11-02 23:27 - 2016-05-25 12:53 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
        2016-11-02 23:27 - 2016-05-25 12:53 - 00126592 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_cdcacm.sys
        2016-11-02 23:27 - 2016-05-25 12:53 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
        2016-11-02 23:27 - 2016-05-25 12:53 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
        2016-11-02 23:27 - 2016-05-25 12:53 - 00018816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbccgpfilter.sys
        2016-11-02 23:26 - 2016-11-02 23:27 - 00000000 ____D C:\Users\Phill\AppData\Local\Hisuite
        2016-11-02 23:26 - 2016-11-02 23:27 - 00000000 ____D C:\Program Files (x86)\HiSuite
        2016-10-30 21:24 - 2016-10-30 21:24 - 00023180 _____ C:\Users\Phill\Downloads\Beauty.and.the.Beast.Extended.Version.1991.1080p.BluRay.Bulgarian-PEPSi.mkv.torrent
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2016-11-29 13:14 - 2015-08-05 03:06 - 01007104 ___SH C:\Users\Phill\Desktop\Thumbs.db
        2016-11-29 12:32 - 2015-11-16 20:14 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
        2016-11-29 12:09 - 2015-08-05 00:49 - 00000000 ____D C:\Users\Phill\AppData\Local\CrashDumps
        2016-11-29 09:59 - 2016-02-25 03:05 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
        2016-11-29 09:59 - 2015-11-16 20:14 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
        2016-11-29 09:59 - 2015-11-12 22:22 - 00000000 ____D C:\Users\Phill\OneDrive
        2016-11-29 09:58 - 2015-07-18 17:52 - 00000000 __SHD C:\Users\Phill\IntelGraphicsProfiles
        2016-11-29 00:25 - 2015-09-05 07:25 - 00000000 ____D C:\Users\Phill\AppData\Roaming\vlc
        2016-11-24 21:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
        2016-11-23 21:56 - 2015-08-04 23:48 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3535237292-2376840269-2226161949-1000
        2016-11-23 16:31 - 2015-08-05 02:04 - 00000000 ____D C:\WINDOWS\system32\MRT
        2016-11-23 16:31 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
        2016-11-23 16:25 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2016-11-23 16:25 - 2013-08-22 16:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
        2016-11-23 16:23 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
        2016-11-23 16:20 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
        2016-11-23 16:19 - 2015-08-05 05:27 - 00000000 ____D C:\Users\Phill\AppData\Roaming\uTorrent
        2016-11-23 15:27 - 2015-08-04 23:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
        2016-11-23 14:24 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
        2016-11-23 14:02 - 2015-08-04 23:42 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
        2016-11-23 01:15 - 2014-11-21 09:38 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
        2016-11-23 00:53 - 2015-11-12 22:36 - 00000000 ____D C:\Users\Phill\AppData\Roaming\Skype
        2016-11-22 23:52 - 2015-11-12 22:36 - 00000000 ___RD C:\Program Files (x86)\Skype
        2016-11-22 23:52 - 2015-11-12 22:35 - 00000000 ____D C:\ProgramData\Skype
        2016-11-16 00:44 - 2015-08-04 23:37 - 00000000 ____D C:\Users\Phill
        2016-11-15 17:06 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
        2016-11-14 23:33 - 2015-08-05 01:37 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2016-11-11 01:58 - 2015-12-30 12:42 - 00000000 ____D C:\ProgramData\Package Cache
        2016-11-10 21:39 - 2015-08-05 03:18 - 00457216 ___SH C:\Users\Phill\Downloads\Thumbs.db
        2016-11-10 20:00 - 2015-08-04 23:43 - 00000000 ____D C:\Users\Phill\AppData\Local\VirtualStore
        2016-11-06 21:55 - 2015-08-05 00:57 - 00000000 ____D C:\Users\Phill\AppData\Local\Google
        2016-11-02 23:45 - 2015-11-26 18:08 - 00000000 ____D C:\Temp
        ==================== Files in the root of some directories =======
        2015-10-08 02:56 - 2015-10-08 02:56 - 0007602 _____ () C:\Users\Phill\AppData\Local\Resmon.ResmonCfg
        Some files in TEMP:
        ====================
        C:\Users\Phill\AppData\Local\Temp\AutoRun.exe
        C:\Users\Phill\AppData\Local\Temp\AutoRunGUI.dll
        C:\Users\Phill\AppData\Local\Temp\CH.dll
        C:\Users\Phill\AppData\Local\Temp\drm_dialogs.dll
        C:\Users\Phill\AppData\Local\Temp\drm_dyndata_7340014.dll
        C:\Users\Phill\AppData\Local\Temp\drm_dyndata_7380014.dll
        C:\Users\Phill\AppData\Local\Temp\EAInstall.dll
        C:\Users\Phill\AppData\Local\Temp\eauninstall.exe
        C:\Users\Phill\AppData\Local\Temp\Gw2.exe
        C:\Users\Phill\AppData\Local\Temp\jre-8u101-windows-au.exe
        C:\Users\Phill\AppData\Local\Temp\jre-8u60-windows-au.exe
        C:\Users\Phill\AppData\Local\Temp\jre-8u65-windows-au.exe
        C:\Users\Phill\AppData\Local\Temp\jre-8u66-windows-au.exe
        C:\Users\Phill\AppData\Local\Temp\jre-8u71-windows-au.exe
        C:\Users\Phill\AppData\Local\Temp\jre-8u73-windows-au.exe
        C:\Users\Phill\AppData\Local\Temp\jre-8u77-windows-au.exe
        C:\Users\Phill\AppData\Local\Temp\jre-8u91-windows-au.exe
        C:\Users\Phill\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
        C:\Users\Phill\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe
        C:\Users\Phill\AppData\Local\Temp\pylE938.tmp.exe
        C:\Users\Phill\AppData\Local\Temp\SpotifyUninstall.exe
        C:\Users\Phill\AppData\Local\Temp\sqlite3.dll
        C:\Users\Phill\AppData\Local\Temp\vcredist_x64.exe
        C:\Users\Phill\AppData\Local\Temp\vcredist_x86.exe
        C:\Users\Phill\AppData\Local\Temp\_is4B86.exe
        C:\Users\Phill\AppData\Local\Temp\_isA1BD.exe
        C:\Users\Phill\AppData\Local\Temp\_isA6D8.exe

        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\wininit.exe => File is digitally signed
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

        LastRegBack: 2016-11-24 21:43
        ==================== End of FRST.txt ============================
        Thank you for your time.
         

        Addition.txt
         
        Edit: Mywebshield is obviously the adware... I don't have such a program installed in the list of programs, though.
      • by MayaBee
        Hello!
        I need help with the following problem: about a month ago my computer was infected, because my daughter downloaded a 3D animation program from a torrent. There was a problem with the Chinese Youku PC App, which I think I removed (I use MBM, as well as manual deletion), but then a problem appeared when starting Google Chrome: yeabd66.cc loads. I later found that the same happens with the other browsers, IE and Mozilla. I tried the advice about deleting the addition appended to the Target of the Shortcut: I delete it, Apply, Ok, and nothing; on the next start of the browser it is the same.
        My OS is Windows 7 Professional.
        I will attach the log files shortly.
         
        Here are the log files:
        FRST 26 11 2016.txt
        Addition 26 11 2016.txt
         
      • by YelloWonKEY
        Infected files won't run...
        For the last 2 days I had no antivirus and everything crashed after downloading low-quality software. I am asking for your help.
        I don't have CDs with my operating system.
        Goal: to clean out the malicious software
        Here is the log from: FRST64
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
        Ran by EknepT (administrator) on PEPE (23-11-2016 13:00:35)
        Running from C:\Users\EknepT\Downloads
        Loaded Profiles: EknepT (Available Profiles: EknepT & Family)
        Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
        Internet Explorer Version 11 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (AMD) C:\Windows\System32\atiesrxx.exe
        (AMD) C:\Windows\System32\atieclxx.exe
        (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
        (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
        (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
        () C:\Windows\SysWOW64\PnkBstrA.exe
        (Aztec Media Inc) C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
        (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe
        (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
        (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
        (Flux Software LLC) C:\Users\EknepT\AppData\Local\FluxSoftware\Flux\flux.exe
        (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
        (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
        (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
        (Microsoft Corporation) C:\Windows\System32\dllhost.exe
        (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
        HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-29] (Advanced Micro Devices, Inc.)
        HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-08] (AVAST Software)
        HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
        HKLM-x32\...\Winlogon: [Userinit] userinit.exe,c:\program files (x86)\microsoft\desktoplayer.exe [X]
        HKU\S-1-5-21-1070282881-3074546274-988176183-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
        HKU\S-1-5-21-1070282881-3074546274-988176183-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
        HKU\S-1-5-21-1070282881-3074546274-988176183-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
        HKU\S-1-5-21-1070282881-3074546274-988176183-1000\...\Run: [f.lux] => C:\Users\EknepT\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
        HKU\S-1-5-21-1070282881-3074546274-988176183-1000\...\Run: [Viber] => C:\Users\EknepT\AppData\Local\Viber\Viber.exe [73298000 2016-09-13] (Viber Media S.à r.l.)
        HKU\S-1-5-21-1070282881-3074546274-988176183-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
        ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-12] (AVAST Software)
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        AutoConfigURL: [S-1-5-21-1070282881-3074546274-988176183-1000] => hxxp://none-stops.org/wpad.dat?98f631bcacbbe0b21edfe04f09ef73b120536417
        Tcpip\Parameters: [DhcpNameServer] 193.151.80.14 193.151.80.3
        Tcpip\..\Interfaces\{D6400A58-45C1-4026-9366-8B9D687F3B19}: [DhcpNameServer] 193.151.80.14 193.151.80.3
        ManualProxies: 0hxxp://none-stops.org/wpad.dat?98f631bcacbbe0b21edfe04f09ef73b120536417
        Internet Explorer:
        ==================
        HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
        HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1411080287&from=amt&uid=HitachiXHDS721010CLA332_JP2911HQ3U8UPH3U8UPHX&q={searchTerms}
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
        HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1411080287&from=amt&uid=HitachiXHDS721010CLA332_JP2911HQ3U8UPH3U8UPHX&q={searchTerms}
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
        HKU\S-1-5-21-1070282881-3074546274-988176183-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
        HKU\S-1-5-21-1070282881-3074546274-988176183-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
        SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
        SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
        SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1411080287&from=amt&uid=HitachiXHDS721010CLA332_JP2911HQ3U8UPH3U8UPHX&q={searchTerms}
        SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=a&ver=15511&tm=469&src=ds&p={searchTerms}
        SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
        BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-12] (AVAST Software)
        BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
        BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
        BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-12] (AVAST Software)
        BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
        StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1411080287&from=amt&uid=HitachiXHDS721010CLA332_JP2911HQ3U8UPH3U8UPHX
        FireFox:
        ========
        FF ProfilePath: C:\Users\EknepT\AppData\Roaming\Mozilla\Firefox\Profiles\de3fs7ut.default-1423111666809 [2016-11-23]
        FF user.js: detected! => C:\Users\EknepT\AppData\Roaming\Mozilla\Firefox\Profiles\de3fs7ut.default-1423111666809\user.js [2015-04-16]
        FF NewTab: Mozilla\Firefox\Profiles\de3fs7ut.default-1423111666809 -> hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150416__yaff
        FF SelectedSearchEngine: Mozilla\Firefox\Profiles\de3fs7ut.default-1423111666809 -> Yahoo
        FF Homepage: Mozilla\Firefox\Profiles\de3fs7ut.default-1423111666809 -> hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150416__yaff
        FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\EknepT\AppData\Roaming\Mozilla\Firefox\Profiles\de3fs7ut.default-1423111666809\Extensions\marcoagpinto@mail.telepac.pt [2016-10-25]
        FF Extension: (Adblock Plus) - C:\Users\EknepT\AppData\Roaming\Mozilla\Firefox\Profiles\de3fs7ut.default-1423111666809\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-28]
        FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
        FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-12]
        FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
        FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-12]
        FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\EknepT\AppData\Roaming\Mozilla\Firefox\Profiles\xj2j3uuy.default\extensions\faststartff@gmail.com => not found
        FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
        FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
        FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
        FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-09-13] (Tracker Software Products (Canada) Ltd.)
        FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
        FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
        FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-13] (Tracker Software Products (Canada) Ltd.)
        FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
        FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
        FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-03] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-03] (Google Inc.)
        FF Plugin HKU\S-1-5-21-1070282881-3074546274-988176183-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-13] (Tracker Software Products (Canada) Ltd.)
        FF Plugin HKU\S-1-5-21-1070282881-3074546274-988176183-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-10-05] ()
        FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\130372671.js [2016-11-22] <==== ATTENTION (Points to *.cfg file)
        FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\130372671.cfg [2016-11-22] <==== ATTENTION
        Chrome:
        =======
        CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-21]
        CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
        R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-12] (AVAST Software)
        R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
        R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-10-05] ()
        R2 SmdmFService; C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe [3570704 2015-01-28] (Aztec Media Inc)
        R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
        R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [411648 2016-03-31] (Wondershare) [File not signed]
        S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MirrorGo\DriverInstall.exe [X]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
        R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-12] (AVAST Software)
        R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-12] (AVAST Software)
        R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-12] (AVAST Software)
        R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-12] (AVAST Software)
        R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-12] (AVAST Software)
        R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-12] (AVAST Software)
        R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-13] (AVAST Software)
        R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-12] (AVAST Software)
        R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
        R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-20] (Disc Soft Ltd)
        R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg [45968 2015-01-28] (Aztec Media Inc)
        R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
        R1 nethfdrv; C:\Windows\system32\drivers\nethfdrv.sys [46160 2014-10-01] (nethfdrv)
        R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2016-03-24] (Duplex Secure Ltd.)
        S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2015-07-31] (Spotflux, Inc.)
        S3 VGPU; System32\drivers\rdvgkmd.sys [X]
        ========================== Drivers MD5 =======================
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== Three Months Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2016-11-23 13:00 - 2016-11-23 13:01 - 00032610 _____ C:\Users\EknepT\Downloads\FRST.txt
        2016-11-23 12:59 - 2016-11-23 13:00 - 00000000 ____D C:\FRST
        2016-11-23 12:59 - 2016-11-23 12:59 - 02412544 _____ (Farbar) C:\Users\EknepT\Downloads\FRST64.exe
        2016-11-23 02:34 - 2016-11-23 02:36 - 00000000 ____D C:\Users\EknepT\Desktop\random picz
        2016-11-23 02:32 - 2016-11-23 02:33 - 12535297 _____ C:\Users\EknepT\Desktop\Online.rar
        2016-11-23 02:28 - 2016-11-23 02:36 - 00000000 ____D C:\Users\EknepT\Desktop\pads
        2016-11-23 00:40 - 2016-11-23 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mu ServerMaster
        2016-11-23 00:40 - 2016-11-23 02:33 - 00000000 ____D C:\Program Files (x86)\ServerMaster
        2016-11-23 00:29 - 2016-11-23 00:35 - 98143616 _____ () C:\Users\EknepT\Downloads\ServerMaster Light.exe
        2016-11-22 05:54 - 2016-11-22 06:03 - 00000000 ____D C:\Users\EknepT\Desktop\HagenMu 97d+99i
        2016-11-22 05:50 - 2016-11-22 05:50 - 00000000 ____D C:\Users\EknepT\Desktop\muuuu
        2016-11-22 05:43 - 2004-11-16 07:10 - 00000000 ____D C:\Users\EknepT\Desktop\MuOnline
        2016-11-22 05:32 - 2016-11-22 05:32 - 00470088 _____ C:\Users\EknepT\Downloads\Download_dupe_hack_mu_online_downloader.exe
        2016-11-22 04:09 - 2016-11-22 04:09 - 00000000 ____D C:\Users\EknepT\Desktop\Cheat Engine 5.5
        2016-11-22 03:52 - 2016-11-22 03:54 - 00000109 _____ C:\Windows\settings2.ini
        2016-11-22 03:11 - 2014-08-03 17:27 - 01226826 _____ (Alpha) C:\Windows\svch.exe
        2016-11-22 03:11 - 2014-04-10 12:43 - 01626112 _____ (TGH) C:\Windows\BlackBox.exe
        2016-11-22 03:07 - 2014-08-03 17:27 - 01226826 ____N (Alpha) C:\Windows\trzDB87.tmp
        2016-11-22 03:04 - 2016-11-22 06:37 - 00000000 ____D C:\Users\EknepT\Desktop\Inferno MU Client No Sound
        2016-11-22 02:04 - 2016-11-22 02:05 - 00000318 _____ C:\Windows\WPE PRO Traducido por Golem.INI
        2016-11-22 00:37 - 2016-11-22 00:58 - 377309301 _____ () C:\Users\EknepT\Downloads\OpenMu.exe
        2016-11-21 16:44 - 2009-07-22 15:56 - 00267113 _____ C:\Users\EknepT\Desktop\NoSleep.exe
        2016-11-20 22:02 - 2016-11-20 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Buziol Games
        2016-11-20 22:02 - 2016-11-20 22:02 - 00000000 ____D C:\Buziol Games
        2016-11-20 22:01 - 2016-11-20 22:02 - 00000000 ____D C:\Users\EknepT\Desktop\Super Mario
        2016-11-20 14:24 - 2012-02-18 11:03 - 00000000 ____D C:\Users\EknepT\Desktop\Super Simple Wallhack v7.3
        2016-11-20 13:35 - 2016-11-20 19:49 - 00000749 _____ C:\Users\EknepT\Desktop\Counter-Strike WaRzOnE.lnk
        2016-11-20 13:30 - 2016-11-20 13:32 - 268591972 ____R (CSwarzone) C:\Users\EknepT\Desktop\Counter-Strike.exe
        2016-11-20 13:08 - 2016-11-20 13:08 - 00000693 _____ C:\Users\Family\Desktop\Counter-Strike 1.6 Non Steam.lnk
        2016-11-20 11:58 - 2015-11-09 00:24 - 00000000 ____D C:\Users\EknepT\Desktop\speedhack
        2016-11-20 00:07 - 2016-11-20 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POD-Bot 2.5
        2016-11-19 23:27 - 2016-11-20 12:48 - 00000000 ____D C:\Users\EknepT\Desktop\cd ha
        2016-11-18 19:41 - 2016-11-21 16:43 - 00000000 ____D C:\Users\Family\AppData\LocalLow\Mozilla
        2016-11-18 14:04 - 2016-11-23 12:54 - 00000000 ____D C:\Users\EknepT\AppData\LocalLow\Mozilla
        2016-11-16 13:34 - 2011-05-14 07:34 - 00913408 _____ C:\Windows\US_W311RBr_V5.19.08_MULTI.bin
        2016-11-16 13:34 - 2011-05-14 07:34 - 00913408 _____ C:\US_W311RBr_V5.19.08_MULTI.bin
        2016-11-16 12:29 - 2016-11-16 12:29 - 00000000 ____D C:\Users\EknepT\AppData\Local\DriverTuner
        2016-11-16 12:21 - 2016-11-16 12:21 - 00003108 _____ C:\Windows\System32\Tasks\{B1E1D638-E0B6-48AB-98A8-9D29B675C273}
        2016-11-16 12:15 - 2013-06-29 00:49 - 01930240 _____ (Atheros Communications, Inc.) C:\Windows\athurx.sys
        2016-11-16 12:15 - 2013-06-29 00:49 - 01930240 _____ (Atheros Communications, Inc.) C:\athurx.sys
        2016-11-16 12:15 - 2013-06-29 00:49 - 00007518 _____ C:\Windows\athurextx.cat
        2016-11-16 12:15 - 2013-06-29 00:49 - 00007518 _____ C:\athurextx.cat
        2016-11-16 11:46 - 2016-11-16 11:46 - 02793824 _____ (Speedy HLDGS Limited ) C:\Users\EknepT\Downloads\setup.exe.part
        2016-11-16 11:46 - 2016-11-16 11:46 - 02793824 _____ (Speedy HLDGS Limited ) C:\Users\EknepT\Downloads\setup.exe
        2016-11-16 11:42 - 2016-11-16 11:42 - 00000000 ____D C:\Users\EknepT\AppData\Roaming\Easeware
        2016-11-12 15:03 - 2016-11-02 17:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
        2016-11-12 15:03 - 2016-11-02 17:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
        2016-11-12 15:03 - 2016-11-02 17:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
        2016-11-12 15:03 - 2016-11-02 17:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
        2016-11-12 15:03 - 2016-11-02 17:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
        2016-11-12 15:03 - 2016-11-02 17:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
        2016-11-12 15:03 - 2016-11-02 17:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
        2016-11-12 15:03 - 2016-11-02 17:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
        2016-11-12 15:03 - 2016-11-02 17:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
        2016-11-12 15:03 - 2016-11-02 16:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
        2016-11-12 15:03 - 2016-10-28 05:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
        2016-11-12 15:03 - 2016-10-28 05:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
        2016-11-12 15:03 - 2016-10-27 21:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
        2016-11-12 15:03 - 2016-10-27 21:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
        2016-11-12 15:03 - 2016-10-27 20:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
        2016-11-12 15:03 - 2016-10-27 20:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
        2016-11-12 15:03 - 2016-10-27 20:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
        2016-11-12 15:03 - 2016-10-27 20:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
        2016-11-12 15:03 - 2016-10-27 20:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
        2016-11-12 15:03 - 2016-10-27 20:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
        2016-11-12 15:03 - 2016-10-27 20:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
        2016-11-12 15:03 - 2016-10-27 20:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
        2016-11-12 15:03 - 2016-10-27 20:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
        2016-11-12 15:03 - 2016-10-27 20:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
        2016-11-12 15:03 - 2016-10-27 20:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
        2016-11-12 15:03 - 2016-10-27 20:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
        2016-11-12 15:03 - 2016-10-27 20:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
        2016-11-12 15:03 - 2016-10-27 20:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
        2016-11-12 15:03 - 2016-10-27 20:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
        2016-11-12 15:03 - 2016-10-27 20:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
        2016-11-12 15:03 - 2016-10-27 20:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
        2016-11-12 15:03 - 2016-10-27 20:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
        2016-11-12 15:03 - 2016-10-27 20:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
        2016-11-12 15:03 - 2016-10-27 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
        2016-11-12 15:03 - 2016-10-27 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
        2016-11-12 15:03 - 2016-10-27 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
        2016-11-12 15:03 - 2016-10-27 20:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
        2016-11-12 15:03 - 2016-10-27 19:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
        2016-11-12 15:03 - 2016-10-27 19:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
        2016-11-12 15:03 - 2016-10-27 19:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
        2016-11-12 15:03 - 2016-10-27 19:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
        2016-11-12 15:03 - 2016-10-27 19:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
        2016-11-12 15:03 - 2016-10-27 19:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
        2016-11-12 15:03 - 2016-10-27 19:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
        2016-11-12 15:03 - 2016-10-27 19:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
        2016-11-12 15:03 - 2016-10-27 18:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
        2016-11-12 15:03 - 2016-10-27 17:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
        2016-11-12 15:03 - 2016-10-25 17:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
        2016-11-12 15:03 - 2016-10-22 19:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
        2016-11-12 15:03 - 2016-10-22 19:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
        2016-11-12 15:03 - 2016-10-22 19:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
        2016-11-12 15:03 - 2016-10-22 19:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
        2016-11-12 15:03 - 2016-10-22 19:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
        2016-11-12 15:03 - 2016-10-22 19:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
        2016-11-12 15:03 - 2016-10-22 19:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
        2016-11-12 15:03 - 2016-10-22 19:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
        2016-11-12 15:03 - 2016-10-22 19:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
        2016-11-12 15:03 - 2016-10-22 19:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
        2016-11-12 15:03 - 2016-10-22 19:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
        2016-11-12 15:03 - 2016-10-22 19:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
        2016-11-12 15:03 - 2016-10-22 19:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
        2016-11-12 15:03 - 2016-10-22 19:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
        2016-11-12 15:03 - 2016-10-22 19:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
        2016-11-12 15:03 - 2016-10-22 19:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
        2016-11-12 15:03 - 2016-10-22 18:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
        2016-11-12 15:03 - 2016-10-22 18:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
        2016-11-12 15:03 - 2016-10-22 18:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
        2016-11-12 15:03 - 2016-10-22 18:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
        2016-11-12 15:03 - 2016-10-22 18:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
        2016-11-12 15:03 - 2016-10-22 18:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
        2016-11-12 15:03 - 2016-10-22 18:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
        2016-11-12 15:03 - 2016-10-22 18:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
        2016-11-12 15:03 - 2016-10-22 18:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
        2016-11-12 15:03 - 2016-10-22 18:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
        2016-11-12 15:03 - 2016-10-22 18:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
        2016-11-12 15:03 - 2016-10-22 18:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
        2016-11-12 15:03 - 2016-10-22 18:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
        2016-11-12 15:03 - 2016-10-15 17:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
        2016-11-12 15:03 - 2016-10-15 17:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
        2016-11-12 15:03 - 2016-10-15 17:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
        2016-11-12 15:03 - 2016-10-15 17:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
        2016-11-12 15:03 - 2016-10-11 17:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
        2016-11-12 15:03 - 2016-10-11 17:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
        2016-11-12 15:03 - 2016-10-11 17:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
        2016-11-12 15:03 - 2016-10-11 17:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
        2016-11-12 15:03 - 2016-10-11 17:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
        2016-11-12 15:03 - 2016-10-11 17:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
        2016-11-12 15:03 - 2016-10-11 17:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
        2016-11-12 15:03 - 2016-10-11 17:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
        2016-11-12 15:03 - 2016-10-11 17:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
        2016-11-12 15:03 - 2016-10-11 17:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
        2016-11-12 15:03 - 2016-10-11 17:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
        2016-11-12 15:03 - 2016-10-11 17:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
        2016-11-12 15:03 - 2016-10-11 17:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
        2016-11-12 15:03 - 2016-10-11 17:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
        2016-11-12 15:03 - 2016-10-11 17:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
        2016-11-12 15:03 - 2016-10-11 17:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
        2016-11-12 15:03 - 2016-10-11 17:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
        2016-11-12 15:03 - 2016-10-11 17:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
        2016-11-12 15:03 - 2016-10-11 17:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
        2016-11-12 15:03 - 2016-10-11 17:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
        2016-11-12 15:03 - 2016-10-11 17:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
        2016-11-12 15:03 - 2016-10-11 17:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
        2016-11-12 15:03 - 2016-10-11 17:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
        2016-11-12 15:03 - 2016-10-11 17:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
        2016-11-12 15:03 - 2016-10-11 17:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
        2016-11-12 15:03 - 2016-10-11 15:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
        2016-11-12 15:03 - 2016-10-11 15:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
        2016-11-12 15:03 - 2016-10-10 17:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
        2016-11-12 15:03 - 2016-10-10 17:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
        2016-11-12 15:03 - 2016-10-10 17:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
        2016-11-12 15:03 - 2016-10-10 17:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
        2016-11-12 15:03 - 2016-10-10 17:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
        2016-11-12 15:03 - 2016-10-10 17:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
        2016-11-12 15:03 - 2016-10-10 17:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
        2016-11-12 15:03 - 2016-10-10 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
        2016-11-12 15:03 - 2016-10-10 17:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
        2016-11-12 15:03 - 2016-10-10 16:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
        2016-11-12 15:03 - 2016-10-10 16:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
        2016-11-12 15:03 - 2016-10-10 16:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
        2016-11-12 15:03 - 2016-10-10 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
        2016-11-12 15:03 - 2016-10-10 16:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
        2016-11-12 15:03 - 2016-10-10 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
        2016-11-12 15:03 - 2016-10-07 17:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
        2016-11-12 15:03 - 2016-10-07 17:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
        2016-11-12 15:03 - 2016-10-07 17:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
        2016-11-12 15:03 - 2016-10-07 17:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
        2016-11-12 15:03 - 2016-10-07 17:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
        2016-11-12 15:03 - 2016-10-07 17:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 17:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
        2016-11-12 15:03 - 2016-10-07 17:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
        2016-11-12 15:03 - 2016-10-07 17:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
        2016-11-12 15:03 - 2016-10-07 17:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
        2016-11-12 15:03 - 2016-10-07 17:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
        2016-11-12 15:03 - 2016-10-07 16:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
        2016-11-12 15:03 - 2016-10-07 16:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
        2016-11-12 15:03 - 2016-10-07 16:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
        2016-11-12 15:03 - 2016-10-07 16:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
        2016-11-12 15:03 - 2016-10-07 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
        2016-11-12 15:03 - 2016-10-07 16:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 16:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 16:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-07 16:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
        2016-11-12 15:03 - 2016-10-05 16:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
        2016-11-12 15:03 - 2016-09-15 16:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
        2016-11-12 15:03 - 2016-09-13 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
        2016-11-12 15:03 - 2016-09-13 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
        2016-11-12 15:03 - 2016-09-09 20:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
        2016-11-12 15:03 - 2016-09-09 20:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
        2016-11-12 15:03 - 2016-08-22 18:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
        2016-11-12 13:49 - 2016-11-12 13:49 - 00001021 _____ C:\Users\EknepT\Desktop\TwinMU Launcher - Shortcut.lnk
        2016-11-12 01:41 - 2016-11-12 01:41 - 00000000 ____D C:\Users\EknepT\Documents\My Cheat Tables
        2016-11-12 00:43 - 2016-11-12 22:05 - 00000000 ____D C:\DeviL Mu 99b WITHOUT 3d camera VERSION 4.3.1
        2016-11-11 23:01 - 2016-11-11 23:01 - 00000000 ____D C:\Users\EknepT\AppData\Roaming\RealHideIP
        2016-11-11 23:01 - 2016-11-11 23:01 - 00000000 ____D C:\ProgramData\RealHideIP
        2016-11-11 12:17 - 2016-11-11 12:32 - 69101038 _____ (AkiraWar Team ) C:\Users\EknepT\Downloads\Cliente AkiraWar 0.99b+(1).exe
        2016-11-11 11:10 - 2016-11-23 01:54 - 00110592 _____ C:\Users\EknepT\Desktop\opengl32.dll
        2016-11-07 16:55 - 2016-11-07 16:55 - 00249819 _____ C:\Users\EknepT\Desktop\hran_stoinosti.pdf
        2016-11-07 10:11 - 2016-11-11 12:35 - 00000000 __SHD C:\Users\EknepT\AppData\Local\.#
        2016-11-05 07:00 - 2016-11-05 07:00 - 00020788 _____ C:\Users\Family\Downloads\1502741000200(1).unknown
        2016-11-05 06:59 - 2016-11-05 06:59 - 00020788 _____ C:\Users\Family\Downloads\1502741000200.unknown
        2016-11-04 16:08 - 2016-11-04 16:08 - 00000087 _____ C:\Users\EknepT\Desktop\work.txt
        2016-11-03 16:22 - 2016-11-03 16:22 - 00000000 ____D C:\Users\EknepT\AppData\LocalLow\Google
        2016-11-03 16:21 - 2016-11-03 16:21 - 00002144 _____ C:\Users\Public\Desktop\Google Earth.lnk
        2016-11-03 16:21 - 2016-11-03 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
        2016-11-03 16:18 - 2016-11-23 12:50 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
        2016-11-03 16:18 - 2016-11-23 12:23 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
        2016-11-03 16:18 - 2016-11-03 16:18 - 00003994 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
        2016-11-03 16:18 - 2016-11-03 16:18 - 00003742 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
        2016-11-03 10:40 - 2016-11-03 10:40 - 00002224 _____ C:\Users\EknepT\Desktop\rules or.txt
        2016-10-30 03:05 - 2016-11-23 01:52 - 00738813 _____ C:\Users\EknepT\Desktop\maski.htm
        2016-10-30 03:05 - 2016-10-30 03:05 - 00000000 ____D C:\Users\EknepT\Desktop\maski_files
        2016-10-25 01:27 - 2016-10-25 01:27 - 00000702 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Play InfinityMU.lnk
        2016-10-25 01:27 - 2016-10-25 01:27 - 00000694 _____ C:\Users\Family\Desktop\Play InfinityMU.lnk
        2016-10-23 18:03 - 2016-10-23 18:03 - 00000000 ____D C:\Users\EknepT\Desktop\shablon
        2016-10-23 16:36 - 2016-11-02 18:12 - 00000000 ____D C:\Users\EknepT\Desktop\seAAA
        2016-10-23 10:31 - 2016-10-23 10:31 - 00000000 ____D C:\ProgramData\FLEXnet
        2016-10-23 10:30 - 2016-10-23 10:30 - 00000752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
        2016-10-23 10:29 - 2016-10-23 10:29 - 00000000 ____D C:\ProgramData\Adobe
        2016-10-23 10:29 - 2016-10-23 10:29 - 00000000 ____D C:\Program Files (x86)\Bonjour
        2016-10-23 10:28 - 2016-10-23 10:28 - 00000806 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
        2016-10-23 10:27 - 2016-10-23 10:28 - 00000000 ____D C:\Program Files (x86)\Adobe
        2016-10-23 10:27 - 2016-10-23 10:27 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
        2016-10-23 10:27 - 2016-10-23 10:27 - 00000789 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
        2016-10-23 10:26 - 2016-10-23 10:26 - 00000726 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
        2016-10-23 10:26 - 2016-10-23 10:26 - 00000000 ____D C:\Windows\SysWOW64\spool
        2016-10-21 00:25 - 2016-11-23 01:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
        2016-10-18 12:23 - 2016-10-25 01:22 - 486211014 _____ (InfinityMU ) C:\Users\EknepT\Downloads\InfinityMU_Setup.exe
        2016-10-18 12:01 - 2016-10-18 12:02 - 00000000 ____D C:\ProgramData\BlueStacksSetup
        2016-10-18 12:00 - 2016-10-18 12:24 - 00000000 ____D C:\Users\EknepT\AppData\Local\Bluestacks
        2016-10-18 00:52 - 2016-10-18 00:52 - 00000000 ____D C:\Users\EknepT\AppData\Local\http___blacksmithmu.syste
        2016-10-17 21:02 - 2014-05-16 13:04 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
        2016-10-17 20:36 - 2016-10-17 20:36 - 00000000 ____D C:\Users\EknepT\AppData\Roaming\HMYGSetting
        2016-10-17 20:36 - 2016-10-17 20:36 - 00000000 ____D C:\ProgramData\wondershare
        2016-10-17 20:35 - 2016-10-17 20:42 - 00000000 ____D C:\Users\EknepT\AppData\Roaming\Wondershare
        2016-10-17 20:35 - 2016-10-17 20:42 - 00000000 ____D C:\Users\EknepT\.android
        2016-10-17 20:35 - 2016-10-17 20:42 - 00000000 ____D C:\Program Files (x86)\Wondershare
        2016-10-17 20:35 - 2016-10-17 20:35 - 00000000 ____D C:\Users\Public\Documents\Wondershare
        2016-10-17 20:35 - 2015-02-27 09:35 - 00000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
        2016-10-17 19:45 - 2016-10-18 12:08 - 00000000 _____ C:\hsrv.txt
        2016-10-17 19:45 - 2016-10-17 21:06 - 00000000 ____D C:\Users\EknepT\.VirtualBox
        2016-10-17 19:45 - 2016-10-17 19:45 - 00000000 ____D C:\Program Files\Droid4Xext
        2016-10-17 19:28 - 2016-10-17 19:28 - 00003138 _____ C:\Windows\System32\Tasks\{FD930710-332C-4297-B6DA-E0D1402A1286}
        2016-10-17 19:26 - 2016-10-17 19:26 - 00000000 ____D C:\Users\Public\Thunder Network
        2016-10-17 19:26 - 2016-10-17 19:26 - 00000000 ____D C:\Users\EknepT\AppData\Roaming\HaiYuInst
        2016-10-17 19:26 - 2016-10-17 19:26 - 00000000 ____D C:\ProgramData\Thunder Network
        2016-10-13 15:52 - 2016-09-12 23:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
        2016-10-13 15:52 - 2016-09-12 22:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
        2016-10-13 15:52 - 2016-09-12 21:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
        2016-10-13 15:52 - 2016-09-12 20:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
        2016-10-13 15:52 - 2016-09-12 20:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
        2016-10-13 15:52 - 2016-09-08 22:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
        2016-10-13 15:52 - 2016-09-08 22:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
        2016-10-13 15:52 - 2016-09-08 22:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
        2016-10-13 15:52 - 2016-09-08 22:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
        2016-10-13 15:52 - 2016-09-08 16:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
        2016-10-13 15:52 - 2016-09-08 16:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
        2016-10-13 15:52 - 2016-08-16 20:47 - 00419640 _____ C:\Windows\SysWOW64\locale.nls
        2016-10-13 15:52 - 2016-08-16 20:47 - 00419640 _____ C:\Windows\system32\locale.nls
        2016-10-13 15:52 - 2016-08-12 19:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
        2016-10-13 15:52 - 2016-08-12 19:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
        2016-10-13 15:52 - 2016-08-12 19:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
        2016-10-13 15:52 - 2016-08-12 19:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
        2016-10-13 15:52 - 2016-08-12 19:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
        2016-10-13 15:52 - 2016-08-12 18:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
        2016-10-13 15:52 - 2016-08-12 18:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
        2016-10-13 15:52 - 2016-08-12 18:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
        2016-10-13 15:52 - 2016-08-12 18:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
        2016-10-13 15:52 - 2016-08-12 18:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
        2016-10-13 15:52 - 2016-08-12 18:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
        2016-10-13 15:52 - 2016-08-06 17:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
        2016-10-13 15:52 - 2016-08-06 17:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
        2016-10-13 15:52 - 2016-08-06 17:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
        2016-10-13 15:52 - 2016-08-06 17:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
        2016-10-13 15:52 - 2016-08-06 17:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
        2016-10-13 15:52 - 2016-08-06 17:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
        2016-10-13 15:52 - 2016-08-06 17:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
        2016-10-13 15:52 - 2016-08-06 17:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
        2016-10-13 15:52 - 2016-08-06 17:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
        2016-10-13 15:52 - 2016-08-06 17:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
        2016-10-13 15:52 - 2016-08-06 17:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
        2016-10-13 15:52 - 2016-08-06 17:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
        2016-10-13 15:52 - 2016-08-06 17:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
        2016-10-13 15:52 - 2016-08-06 16:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
        2016-10-13 15:52 - 2016-08-06 16:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
        2016-10-13 15:52 - 2016-08-06 16:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
        2016-10-13 15:52 - 2016-06-14 19:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
        2016-10-13 15:52 - 2016-06-14 19:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
        2016-10-13 15:52 - 2016-06-14 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
        2016-10-13 15:52 - 2016-06-14 19:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
        2016-10-13 15:52 - 2016-06-14 17:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
        2016-10-13 15:52 - 2016-06-14 17:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
        2016-10-13 15:52 - 2016-06-14 17:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
        2016-10-13 15:52 - 2016-06-14 17:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
        2016-10-13 15:52 - 2016-06-14 17:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
        2016-10-13 15:52 - 2016-06-14 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
        2016-10-13 15:52 - 2016-06-14 17:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
        2016-10-13 15:52 - 2016-06-14 17:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
        2016-10-13 15:52 - 2016-06-14 17:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
        2016-10-13 15:51 - 2016-07-22 16:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
        2016-10-13 15:51 - 2016-07-22 16:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
        2016-10-05 21:11 - 2016-10-05 21:11 - 00000000 ____D C:\Users\EknepT\AppData\Local\Viber
        2016-10-05 20:13 - 2016-10-06 16:54 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
        2016-10-05 20:13 - 2016-10-05 20:13 - 00000000 ____D C:\Users\EknepT\Documents\My Games
        2016-10-05 20:13 - 2016-10-05 20:13 - 00000000 ____D C:\Users\EknepT\AppData\Local\PunkBuster
        2016-10-05 20:13 - 2016-10-05 20:13 - 00000000 ____D C:\ProgramData\Orbit
        2016-10-05 19:55 - 2016-10-05 19:55 - 00000000 ____D C:\Users\EknepT\AppData\Local\Ubisoft Game Launcher
        2016-10-05 19:53 - 2016-10-06 16:54 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
        2016-10-05 19:53 - 2016-10-05 20:13 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
        2016-10-05 19:53 - 2016-10-05 19:53 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
        2016-10-05 19:53 - 2016-10-05 19:53 - 00000000 ____D C:\Users\EknepT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
        2016-10-05 19:53 - 2016-10-05 19:53 - 00000000 ____D C:\Program Files (x86)\Ubisoft
        2016-10-04 15:49 - 2016-10-04 15:49 - 00000074 _____ C:\Users\EknepT\Desktop\xx.txt
        2016-10-03 22:01 - 2016-10-03 22:01 - 05949410 ____R C:\Users\EknepT\Desktop\khvangA.pdf
        2016-10-02 08:00 - 2016-10-02 08:00 - 00000000 ____D C:\ProgramData\Tracker Software
        2016-09-29 01:21 - 2016-09-29 01:24 - 00000277 _____ C:\Users\EknepT\Desktop\PESTO.txt
        2016-09-26 15:57 - 2016-11-14 01:42 - 00000000 ____D C:\Windows\rescache
        2016-09-17 21:57 - 2016-08-12 18:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
        2016-09-17 21:57 - 2016-08-12 18:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
        2016-09-17 21:57 - 2016-08-12 18:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
        2016-09-17 21:47 - 2016-08-16 19:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
        2016-09-17 21:47 - 2016-08-16 04:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
        2016-09-14 14:28 - 2016-11-14 20:06 - 00000638 _____ C:\Windows\Tasks\TrackerAutoUpdate.job
        2016-09-14 14:28 - 2016-09-26 01:29 - 00001022 _____ C:\Users\Public\Desktop\PDF-Viewer.lnk
        2016-09-14 14:28 - 2016-09-14 14:28 - 00003288 _____ C:\Windows\System32\Tasks\TrackerAutoUpdate
        2016-09-14 14:28 - 2016-09-14 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
        2016-09-14 14:28 - 2016-09-14 14:28 - 00000000 ____D C:\Program Files\Tracker Software
        2016-09-14 14:05 - 2016-09-19 02:04 - 00002657 _____ C:\Users\EknepT\Desktop\Microsoft Office Word 2003.lnk
        2016-09-14 12:14 - 2016-09-19 02:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
        2016-09-14 12:14 - 2016-09-14 12:14 - 00000000 ____D C:\Windows\PCHEALTH
        2016-09-14 12:14 - 2016-09-14 12:14 - 00000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
        2016-08-28 10:32 - 2016-08-28 10:32 - 00000000 ____D C:\Users\EknepT\AppData\LocalLow\Temp
        ==================== Three Months Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2016-11-23 12:58 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2016-11-23 12:58 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2016-11-23 12:54 - 2009-07-14 07:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
        2016-11-23 12:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
        2016-11-23 12:50 - 2015-07-30 14:43 - 00000000 ____D C:\Users\EknepT\AppData\Roaming\ViberPC
        2016-11-23 12:49 - 2015-02-10 02:22 - 00000000 ____D C:\ProgramData\smdmf
        2016-11-23 12:49 - 2014-09-19 00:46 - 00003804 _____ C:\Windows\Tasks\1fe10e27-b376-44d4-a60e-7bf3341cce9b-4.job
        2016-11-23 12:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
        2016-11-23 12:21 - 2014-09-12 15:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
        2016-11-23 02:39 - 2014-09-13 22:14 - 00000000 ____D C:\Program Files (x86)\AIMP3
        2016-11-23 02:33 - 2015-03-28 23:39 - 00000000 ____D C:\KMPlayer
        2016-11-23 02:32 - 2014-10-27 14:59 - 00000000 ____D C:\Users\EknepT\AppData\Roaming\PhotoScape
        2016-11-23 02:32 - 2014-09-14 01:16 - 00000000 ____D C:\Program Files (x86)\Steam
        2016-11-23 02:32 - 2014-09-12 15:51 - 00000000 ____D C:\Users\EknepT\AppData\Roaming\uTorrent
        2016-11-23 02:31 - 2015-06-21 18:07 - 00000000 ___RD C:\Program Files (x86)\Skype
        2016-11-23 02:31 - 2014-11-10 23:08 - 00000000 ____D C:\ProgramData\Skype
        2016-11-23 01:59 - 2016-06-07 18:34 - 00169191 _____ C:\Users\Family\Desktop\Курсове за барман – bab.bg – Българска Асоциация на Барманите, курсове за бармани и бар-мениджъри.htm
        2016-11-23 01:59 - 2016-06-07 17:59 - 00117736 _____ C:\Users\Family\Desktop\PLD IZPIT.htm
        2016-11-23 01:59 - 2016-04-05 05:04 - 00418445 _____ C:\Users\Family\Desktop\Tracy Chapman - Give Me One Reason (The Tailors Djs Remix) - YouTube.htm
        2016-11-23 00:46 - 2014-09-12 18:36 - 00000000 ____D C:\Users\EknepT\AppData\Roaming\Skype
        2016-11-20 13:35 - 2015-07-11 06:09 - 00000588 _____ C:\Users\EknepT\Desktop\HLDS.lnk
        2016-11-20 13:35 - 2015-07-11 06:09 - 00000000 ____D C:\Users\EknepT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
        2016-11-19 11:52 - 2014-09-12 15:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
        2016-11-18 11:33 - 2014-10-07 16:11 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
        2016-11-16 09:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
        2016-11-13 21:27 - 2015-06-21 09:01 - 00000000 ____D C:\Users\Family\AppData\Roaming\Skype
        2016-11-12 22:18 - 2009-07-14 06:45 - 02341288 _____ C:\Windows\system32\FNTCACHE.DAT
        2016-11-12 22:15 - 2014-09-24 23:33 - 00000000 ____D C:\Windows\system32\MRT
        2016-11-12 22:06 - 2014-09-11 15:42 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
        2016-11-09 00:21 - 2014-09-12 15:01 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
        2016-11-09 00:21 - 2014-09-12 15:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
        2016-11-09 00:21 - 2014-09-12 15:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
        2016-11-09 00:21 - 2014-09-12 15:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed
        2016-11-09 00:21 - 2014-09-12 15:01 - 00000000 ____D C:\Windows\system32\Macromed
        2016-11-03 16:21 - 2014-10-09 21:13 - 00000000 ____D C:\Program Files (x86)\Google
        2016-10-30 17:07 - 2015-07-30 14:43 - 00000000 ____D C:\Users\EknepT\Documents\ViberDownloads
        2016-10-27 22:28 - 2014-09-18 19:37 - 00000000 ____D C:\Users\EknepT\AppData\Roaming\vlc
        2016-10-26 16:29 - 2010-11-21 05:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
        ==================== Files in the root of some directories =======
        2016-10-17 19:26 - 2016-10-17 21:02 - 0002004 _____ () C:\Users\EknepT\AppData\Roaming\droid4xinstaller.log
        2016-07-16 18:32 - 2016-10-20 14:40 - 0005120 _____ () C:\Users\EknepT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2014-10-05 11:09 - 2015-10-26 23:26 - 0007606 _____ () C:\Users\EknepT\AppData\Local\Resmon.ResmonCfg
        Some files in TEMP:
        ====================
        C:\Users\Family\AppData\Local\Temp\SkypeSetup.exe

        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        ==================== BCD ================================
        Windows Boot Manager
        --------------------
        identifier              {bootmgr}
        device                  partition=\Device\HarddiskVolume1
        description             Windows Boot Manager
        locale                  en-US
        inherit                 {globalsettings}
        default                 {current}
        resumeobject            {a992d535-39c9-11e4-8807-c88c793a3bbf}
        displayorder            {current}
        toolsdisplayorder       {memdiag}
        timeout                 30
        Windows Boot Loader
        -------------------
        identifier              {current}
        device                  partition=C:
        path                    \Windows\system32\winload.exe
        description             Windows 7
        locale                  en-US
        inherit                 {bootloadersettings}
        recoverysequence        {a992d537-39c9-11e4-8807-c88c793a3bbf}
        recoveryenabled         Yes
        osdevice                partition=C:
        systemroot              \Windows
        resumeobject            {a992d535-39c9-11e4-8807-c88c793a3bbf}
        nx                      OptOut
        Windows Boot Loader
        -------------------
        identifier              {a992d537-39c9-11e4-8807-c88c793a3bbf}
        device                  ramdisk=[C:]\Recovery\a992d537-39c9-11e4-8807-c88c793a3bbf\Winre.wim,{a992d538-39c9-11e4-8807-c88c793a3bbf}
        path                    \windows\system32\winload.exe
        description             Windows Recovery Environment
        inherit                 {bootloadersettings}
        osdevice                ramdisk=[C:]\Recovery\a992d537-39c9-11e4-8807-c88c793a3bbf\Winre.wim,{a992d538-39c9-11e4-8807-c88c793a3bbf}
        systemroot              \windows
        nx                      OptIn
        winpe                   Yes
        Resume from Hibernate
        ---------------------
        identifier              {a992d535-39c9-11e4-8807-c88c793a3bbf}
        device                  partition=C:
        path                    \Windows\system32\winresume.exe
        description             Windows Resume Application
        locale                  en-US
        inherit                 {resumeloadersettings}
        filedevice              partition=C:
        filepath                \hiberfil.sys
        debugoptionenabled      No
        Windows Memory Tester
        ---------------------
        identifier              {memdiag}
        device                  partition=\Device\HarddiskVolume1
        path                    \boot\memtest.exe
        description             Windows Memory Diagnostic
        locale                  en-US
        inherit                 {globalsettings}
        badmemoryaccess         Yes
        EMS Settings
        ------------
        identifier              {emssettings}
        bootems                 Yes
        Debugger Settings
        -----------------
        identifier              {dbgsettings}
        debugtype               Serial
        debugport               1
        baudrate                115200
        RAM Defects
        -----------
        identifier              {badmemory}
        Global Settings
        ---------------
        identifier              {globalsettings}
        inherit                 {dbgsettings}
                                {emssettings}
                                {badmemory}
        Boot Loader Settings
        --------------------
        identifier              {bootloadersettings}
        inherit                 {globalsettings}
                                {hypervisorsettings}
        Hypervisor Settings
        -------------------
        identifier              {hypervisorsettings}
        hypervisordebugtype     Serial
        hypervisordebugport     1
        hypervisorbaudrate      115200
        Resume Loader Settings
        ----------------------
        identifier              {resumeloadersettings}
        inherit                 {globalsettings}
        Device options
        --------------
        identifier              {a992d538-39c9-11e4-8807-c88c793a3bbf}
        description             Ramdisk Options
        ramdisksdidevice        partition=C:
        ramdisksdipath          \Recovery\a992d537-39c9-11e4-8807-c88c793a3bbf\boot.sdi
         
        LastRegBack: 2016-11-14 01:35
        ==================== End of FRST.txt ============================

         
        Addition.txt
      • by stoy@n
        Hello,
        I haven't posted in a long time, but things have gotten messy again.... Some malware landed on my browsers and I scanned with Malwarebytes. It found some nasties and cleaned them. After that I cleaned up with CCleaner and it did not appear again. After the cleanup, Chrome always opens the page shown in the screenshot. I set a different page in the settings, but it always opens this one. Following your recommendations I downloaded Farbar Recovery Scan Tool. I ran it and it gave me the error in the second screenshot. I am also attaching the MB log file from the last scan.
        Regards,
        Stoy@n
        P.S. Sorry, I just saw that Farbar has saved a log file. I am attaching it.


        MB log.txt
        FRST.txt
      • by Stoicho.k7
        I had to reinstall the laptop again, and once again I had to use activators for 2 programs. On top of that, installing other programs also installed various junk I did not want, which I then uninstalled, but some settings and other things got changed and it turned into a mess again...... I would like to check the system, because my antivirus found some files, which it removed, but I think something has 100% been left behind.

        I have a disc for the operating system.

         
        Addition.txt
        FRST.txt